Tools
July 4, 2020

macOS

Dock hide animation speed up

defaults write com.apple.dock autohide-time-modifier -float 0.4;killall Dock
defaults write com.apple.dock autohide-delay -float 0; killall Dock

Minimize Effect speed up

defaults write com.apple.dock mineffect -string scale
defaults write -g NSWindowResizeTime -float 0.003

Keyboard Layouts

This layouts put tilda in the right place

Put this files in /Library/Keyboard Layouts/ and reboot. Then add new layouts from keyboard preferences.

EU keyboard

english-tilda_EU.bundle.zip
russian-tilda_EU.bundle.zip

US keyboard

russian-tilda_US.bundle.zip

VPN Only mode

  1. Disable firewall in System Preferences
  2. Create pf files
mkdir ~/pf
touch ~/pf/mypf.conf
touch ~/pf/mypf.rules
touch ~/pf/start.sh
chmod +x ~/pf/start.sh

mypf.conf

anchor "com.ipsec.only"
load anchor "com.ipsec.only" from "/Users/loxpidor/pf/mypf.rules"

mypf.rules

# Options
wifi = "en1"
eth = "en0"
set skip on lo0

# Reject instead of drop
set block–policy return

# Allow DHCP requests/reply
# DNS server assigned over DHCP will be not reacheble!
pass quick on { $wifi $eth } proto udp from any port 67:68 to any port 67:68 keep state

# Home network full access
pass out quick on { $wifi $eth } to 192.168.3.0/24

# Allow some websites without  VPN
pass out quick on { $wifi $eth } proto tcp to 123.45.67.89 port = 443
pass out quick on { $wifi $eth } proto tcp to 123.45.67.89 port = 80  

# VPN servers
pass out quick on { $wifi $eth } proto { udp icmp } to 64.31.235.14 # ipsec VPN
pass in quick on { $wifi $eth } proto udp from to 64.31.235.14 # ipsec VPN

# Allow all from specific user id
# Use this for captive portal authentication by run browser from this user
pass quick on { $wifi $eth } from any to any user 502


# Deny all the rest
block in on { $wifi $eth }
block out on { $wifi $eth }

start.sh

#!/bin/sh
#
# this script must be executed at boot time by launchd
# it enables the pf firewall "on demand" using OS X PF Tokens (–E)

#
# We need to trap on TERM signals, according to Apple's launchd docs:
#
trap 'exit 1' 15

#
# Use the "ipconfig waitall" command to wait for all the interfaces to come up:
#
ipconfig waitall
sleep 5

/sbin/pfctl –e
/sbin/pfctl –Ef /Users/loxpidor/pf/mypf.conf

# Exit with a clean status
exit 0

Run start.sh at boot

It can be done manually via launchd or using LaunchControl utility.
If files in Watch Paths will modified - firewall rules will be restarted automaticly.